It's World Password Day again, a day we observe to reflect on our password habits, to learn more about securing our privacy and to outsmart increasingly effective hacking tools.
On World Password Day, we take a look at how poor password hygiene impacts not only businesses and big data companies, but users themselves.
We have been through this before, and will be again for the foreseeable future, because no matter how much cyber-security experts, e-mail vendors and security firms harp on the evils of simple and easy-to-guess passwords, especially on World Password Day, a majority of internet users are still using them, unmindful of the threats around the corner.
So far this year, "123456" continues to be the most commonly used password in the world, signifying that the honeymoon period for hackers continues unabated. What's music to their ears is that other passwords like 123456789, Qwerty, 12345678, 111111, 1234567890, 1234567 and 123123 remain the most popular choices among internet users, at the expense of difficult-to-hack alphanumeric passwords. What's more worrying is that the bulk of internet users are using the same passwords for all their online accounts.
"Having the same password for all your accounts is like having a master key that fits any door – it's convenient for you, but extremely dangerous if that key gets into the wrong hands. If a hacker managed to crack one password, they could use it to hijack an email account, steal personal data and even target your family, friends and work. The most commonly used method for this is a phishing attack, where the hacker sends fake emails from your real account, pretending to be you," says Thomas Fischer, threat researcher and security advocate at Digital Guardian.
"Hackers are known to use something called a 'brute-force attack', where they use a computer program to systematically check many combinations of common words and numbers, to guess a password. This means that the shorter and simpler a password is, the easier it is to crack using brute force. By using a longer, more complex 'passphrase' instead of a password, we can make it exponentially harder for hackers to break. If a password takes too long to crack, hackers will simply move on to the next batch," says Eduard Meelhuysen, Head of EMEA at Bitglass.
Password hygiene is no better in the UK than it is anywhere else in the world. According to recent McAfee research, 50% of Brits are happy to share their passwords with others, and one in every three Brits writes down his/her password on paper. "People really need to get up to speed and start taking security seriously. Relaxed attitudes towards storing or securing passwords mean that they will be easy targets for cyber criminals who want to make a quick buck," said Nick Viney, Vice President of Consumer at McAfee.
With password hygiene not improving at all compared to previous years, those who are worried about internet security will continue to offer helpful advice on how to maintain strong passwords, how to ensure they are difficult to guess and how to keep complicated passwords without forgetting them.
"Password security used to be all about creating impossible passwords that were very difficult to remember, and now we do appreciate that it's much more important to create passwords that people are able to remember," said Professor Pam Briggs, chair in applied psychology at Northumbria University. She suggests that users choose three random words and put them together, making the password easier to remember without writing it down.